[Snort-users] win32 snort (react + resp)
jonbaer at ...9153...
Tue Jul 8 13:16:21 EDT 2003
im attempting 2 simple rules as a test (on win32 port):
alert tcp $HOME any -> any 80 (msg: "Port 80"; resp: rst_snd;)
alert tcp $HOME any -> any 81 (msg: "Port 81"; react: block;)
the first one tells me that resp is a bad keyword.
the second actually can have block, warn, msg ... but on an outgoing
connection nothing really happens. im expecting snort to kill the
connection and not allow a request through (but the laptop still gets the
am i missing something?
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
More information about the Snort-users